Summary
This host is running eFront and is prone to a remote file inclusion vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary code on the vulnerable web server.
Impact level: Application.
Solution
Apply the patch from the link below.
http://svn.efrontlearning.net/repos/efront/trunc/libraries/database.php
*****
NOTE: Please ignore this warning if the patch is already applied.
*****
Insight
The flaw is due to improper validation of user-supplied data. It can be exploited via the 'path' parameter in 'libraries/database.php' to include and execute remote files on the affected system.
Affected
eFront version 3.5.4 and prior.
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-3660
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P